Is 1Password secure enough for bitcoins?
I'd like to store the private keys for some bitcoin addresses somewhere secure but also easy to access. 1Password seems like a good option, but I want to be sure that it's viable due to the money involved.
I'd basically just want to store the Bitcoin public and private key, like this:
Public Key: 14qitwABZX8lwe6FQ8WvTzNq56pStmy1F3
Private Key: 5JrgoeNu7NcktKRkX4oaL9PsHXY5scrKd8AHLbrvaaleFhkbBhp
...in a note within 1Password for Mac. This is also synced up with my iPhone 1Password and another Mac over Dropbox.
Is this too risky? Anyone who can see that private key will be able to access and withdraw all the bitcoins for the public address. Where's the weak point in this set up in terms of someone getting my private keys?
Comments
-
Why use a Secure Note (which is vulnerable to shoulder-surfing) rather than a Password data type, which will obscure the private key? If you want to obscure the public key as well, you can choose a data type with two password fields, such as Servers or Wireless Routers. You could use 1P/4’s custom field feature to have as many obscured fields as you like in any data type, but I prefer to keep my keychain fully compatible with 1P/3 and 1P/Win.
In terms of risk, I personally accept the Agilebits line that the weak link in 1Password security is the strength of your master password (assuming that you use conservative security settings on your Macs, your iPhone, and your 1Password apps).
I don’t see anything special about bitcoin, btw; I entrust my banking, credit card, and brokerage logins to 1Password!!
0 -
Ha, thank you. Just the kind of answer I was hoping for. It looks as though the "Generic Account" does the trick, and it provides a nice unused icon to separate the coin addresses from other secured data.
By the way, are the results of this password tool somewhat helpful for a noob? https://howsecureismypassword.net/
0 -
Hey @matt_t,
That site could be helpful at giving you a basic idea of secure a password is.
But, an important disclaimer:
You should never enter your Master Password into anything that isn't 1Password. For your own protection, please do not ever type it into a "password testing" website. That same advice could apply for any password you are using (not just your 1Password master password).
Here's another password strength tester that I sometimes use: https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html
It's a bit more advanced than the one you posted. But remember, it's not a good idea to enter an actual password that you're using (especially your master password).
Hope that helps! :)
0 -
Thanks Jasper, certainly does help. Also, that password tool is just what I was looking for.
0 -
There's lots in these forums on choosing strong master passwords, but a good starting point is this blog post.
It looks as though the "Generic Account" does the trick,
?? I did not think that the 1Password 3 Generic Account category was carried over into 1Password 4.
0